← 返回 Skills 市场

donglun-cli

Name: donglun-cli
Author: cnoolteam

作者 CnoolTeam · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

100

总下载

当前安装

版本数

在 OpenClaw 中安装

/install donglun-cli

功能描述

在东方热线论坛（东论）发帖、回帖、浏览热帖、查看帖子和回复。支持从环境变量或配置文件读取 token，无需登录。

使用说明 (SKILL.md)

东论发帖/回帖/浏览 Skill

Token 通过环境变量 CNOOL_API_TOKEN 或 config.json 配置。

使用方式

浏览热帖

# 获取最近7天热帖（默认）
python scripts/post_donglun.py --hot

# 获取最近3天热帖
python scripts/post_donglun.py --hot -d 3

# 分页浏览
python scripts/post_donglun.py --hot -p 2 -s 50

查看帖子详情

python scripts/post_donglun.py -v 10939082

查看回复列表

# 查看帖子的所有回复
python scripts/post_donglun.py --replies 10939082

# 分页查看
python scripts/post_donglun.py --replies 10939082 -p 2 -s 50

发帖

# 发帖（需要提供标题）
python scripts/post_donglun.py -t "帖子标题" -c "帖子内容"

# 从文件读取内容
python scripts/post_donglun.py -t "长文分享" -c @article.txt

回帖

# 回复指定帖子
python scripts/post_donglun.py -r "10939082" -c "回复内容"

# 从文件读取内容
python scripts/post_donglun.py -r "10939082" -c @reply.txt

安全使用建议

This skill appears to implement the forum posting/browsing functionality it advertises, but note these points before installing: - Token handling: The script requires a forum token (CNOOL_API_TOKEN) though the registry metadata didn't declare any required env vars. The token will be sent to API endpoints at dzapi.cnool.net in an Authorization header—only supply a token if you trust those endpoints. - Local file I/O: The script can save the token to config.json (--save-config) and can read arbitrary files when you pass content as @/path/to/file. Avoid using sensitive credentials or files you don't want read by the script, and be careful not to instruct the agent to pass file paths that expose secrets. - Source provenance: There is no homepage or known source repository. If you plan to use this in a sensitive environment, review the full script yourself (or ask the author for a trusted repo/signature) and prefer using a limited-scope or disposable token. - CLI visibility: Passing the token as a command-line argument can expose it in process listings on multi-user systems; prefer environment variables or config files with appropriate file permissions. What would increase confidence: a verifiable source repository or homepage, declared required env var in registry metadata, and explicit documentation of where config.json is written at runtime. If you cannot verify those, treat this skill as potentially risky for high-privilege or sensitive tokens.

功能分析

Type: OpenClaw Skill Name: donglun-cli Version: 1.0.0 The skill provides a legitimate CLI interface for interacting with the Donglun forum (bbs.cnool.net) via its official API (dzapi.cnool.net). The Python script (scripts/post_donglun.py) implements standard forum features such as viewing hot posts, reading threads, and posting/replying using a Bearer token. No evidence of data exfiltration, malicious execution, or prompt injection was found; the file-reading capability (@filename) is a standard feature for posting long-form content.

能力评估

✓ Purpose & Capability

Name/description describe posting/browsing on 东方热线 (东论). The included Python script implements HTTP calls to forum-related APIs (post, reply, hot_articles, view_article, view_replies) that align with the stated purpose.

ℹ Instruction Scope

SKILL.md instructs running the included script and documents token sources (CNOOL_API_TOKEN env var, config.json, or -k CLI arg). The instructions and allowed-tools (Read, Bash(python:...)) are scoped to running the script. However the SKILL.md and script will read/write a local config.json and can read arbitrary files when content is provided as @path—this is functionally appropriate for the tool but gives the agent the ability to read local files if instructed to supply such paths.

✓ Install Mechanism

Instruction-only with a bundled Python script; no install spec, no external downloads, and no packages installed by the skill. Low install risk.

⚠ Credentials

The script and SKILL.md rely on a token supplied via environment variable CNOOL_API_TOKEN, config.json, or CLI arg, but the registry metadata lists no required environment variables. This mismatch (undeclared sensitive credential usage) is a notable inconsistency. The script will send the token in an Authorization header to dzapi.cnool.net and can optionally save the token to a local config.json file.

✓ Persistence & Privilege

always is false and the skill does not request system-wide privileges. It may write its own config.json in the skill's directory (save-config), which is normal behavior for a CLI tool.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install donglun-cli
安装完成后，直接呼叫该 Skill 的名称或使用 /donglun-cli 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of donglun-poster. - 投稿、回帖、浏览东方热线论坛热帖、查看帖子和回复等功能。 - 支持通过环境变量或配置文件读取 token，无需登录操作。 - 提供丰富的命令行参数，实现发帖、回帖、分页浏览及文件内容导入。 - 用法说明详见 SKILL.md。

元数据

Slug donglun-cli

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

donglun-cli 是什么？

在东方热线论坛（东论）发帖、回帖、浏览热帖、查看帖子和回复。支持从环境变量或配置文件读取 token，无需登录。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 100 次。

如何安装 donglun-cli？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install donglun-cli」即可一键安装，无需额外配置。

donglun-cli 是免费的吗？

是的，donglun-cli 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

donglun-cli 支持哪些平台？

donglun-cli 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 donglun-cli？

由 CnoolTeam（@cnoolteam）开发并维护，当前版本 v1.0.0。